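---
# Configures unattended-upgrades on an apt-based host: installs the
# packages, enables the periodic apt jobs, turns on automatic reboots,
# extends the allowed origins and sets the time of the upgrade timer.
#
# Variables read here: reboot_time, install_time, reboot_offset.
# Handler notified here (defined outside this file): "systemd reload".

- name: Install packages
  ansible.builtin.apt:
    name:
      - unattended-upgrades
      - apt-listchanges
      - update-notifier-common
    state: present

- name: Create unattended upgrades configuration file
  ansible.builtin.blockinfile:
    dest: /etc/apt/apt.conf.d/20auto-upgrades
    block: |
      APT::Periodic::Update-Package-Lists "1";
      APT::Periodic::Unattended-Upgrade "1";
    marker: "// {mark} ANSIBLE MANAGED BLOCK - unattended_upgrades settings"
    create: true
    mode: "0644"
    owner: root
    group: root
  register: unattended_upgrades_config_set

# Hosts reboot on their own at reboot_time once an upgrade requires it;
# make sure that window is agreed for every host this role is applied to.
# NOTE(review): create: true means a missing 50unattended-upgrades is
# created holding only this block, and the origins task below would then
# find no Allowed-Origins line to insert after - confirm the package
# always ships the file before this task runs.
- name: Enable automated reboots
  ansible.builtin.blockinfile:
    dest: /etc/apt/apt.conf.d/50unattended-upgrades
    block: |
      Unattended-Upgrade::Automatic-Reboot "true";
      Unattended-Upgrade::Automatic-Reboot-Time "{{ reboot_time }}";
    marker: "// {mark} ANSIBLE MANAGED BLOCK - unattended_upgrades settings"
    create: true
    mode: "0644"
    owner: root
    group: root
  register: unattended_upgrades_settings_set

# NOTE(review): this renders the template to /tmp/test.conf, a path that
# nothing else in this file reads; it looks like leftover test
# scaffolding. Either point dest at the real apt.conf.d file or drop the
# task. Ownership and mode are set explicitly so the file in the shared
# /tmp directory does not depend on the umask of the Ansible run.
- name: Template configuration
  ansible.builtin.template:
    src: unattended-upgrades.j2
    dest: /tmp/test.conf
    mode: "0644"
    owner: root
    group: root

# Each item is written as a tab-indented, double-quoted entry ending in
# ';' directly after the Allowed-Origins line. Every origin listed here
# is upgraded without an operator reviewing the packages, so the signing
# key and publishing pipeline of each third-party repository become part
# of the host's trust base - keep the list as short as possible.
# NOTE(review): the crowdsec and Docker patterns must match the
# Origin/Suite fields of those repositories' Release files; confirm with
# `apt-cache policy` on a target host.
- name: Origins to upgrade
  ansible.builtin.lineinfile:
    dest: /etc/apt/apt.conf.d/50unattended-upgrades
    line: "\t\"{{ item }}\";"
    search_string: "\t\"{{ item }}\";"
    state: present
    insertafter: "^Unattended-Upgrade::Allowed-Origins"
  loop:
    # Standard Ubuntu archive and security pocket
    - '${distro_id}:${distro_codename}'
    - '${distro_id}:${distro_codename}-security'
    # ESM
    - '${distro_id}ESMApps:${distro_codename}-apps-security'
    - '${distro_id}ESM:${distro_codename}-infra-security'
    # crowdsec (third party)
    - 'packagecloud.io/crowdsec/crowdsec:${distro_codename}'
    # Docker (third party)
    - 'Docker:${distro_codename}'

# Runs only when one of the two blockinfile tasks above changed a file.
# changed_when makes explicit what the command module reports anyway.
- name: Dpkg reconfigure
  ansible.builtin.command:
    cmd: dpkg-reconfigure -f noninteractive unattended-upgrades
  register: dpkg_reconfigure_unattended_upgrades
  changed_when: true
  when:
    - >-
      unattended_upgrades_config_set.changed
      or unattended_upgrades_settings_set.changed

# The schedule is written to a drop-in under /etc instead of editing the
# packaged unit in /lib/systemd/system: that file belongs to the apt
# package and an edit there is overwritten when the package is upgraded,
# which would silently move the patch window back to the vendor default.
- name: Create drop-in directory for the apt-daily-upgrade timer
  ansible.builtin.file:
    path: /etc/systemd/system/apt-daily-upgrade.timer.d
    state: directory
    mode: "0755"
    owner: root
    group: root

# The empty OnCalendar= line clears the schedule from the packaged unit;
# without it the new entry would be added next to the vendor one.
# NOTE(review): the "systemd reload" handler is not visible here; confirm
# it also restarts apt-daily-upgrade.timer so the new schedule is armed.
- name: Configure updates installation timing and offset
  ansible.builtin.copy:
    dest: /etc/systemd/system/apt-daily-upgrade.timer.d/override.conf
    content: |
      [Timer]
      OnCalendar=
      OnCalendar=*-*-* {{ install_time }}
      RandomizedDelaySec={{ reboot_offset }}
    mode: "0644"
    owner: root
    group: root
  notify: systemd reload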